hacking with paper
TRANSCRIPT
![Page 1: Hacking with paper](https://reader034.vdocument.in/reader034/viewer/2022042821/55d28da0bb61ebb6698b4585/html5/thumbnails/1.jpg)
HACKING WITH PAPER
By Sumedt Jitpukdebodin
Web Application Security Specialist, ACIS i-Secure
LPIC-1, NCLA, C|EHv6, Sec+, eCPPT
![Page 2: Hacking with paper](https://reader034.vdocument.in/reader034/viewer/2022042821/55d28da0bb61ebb6698b4585/html5/thumbnails/2.jpg)
WHO AM I?
▪ Learning Guy
▪ Activities Guy
▪ Writer
  ▫ Thai and English articles on penetration testing.
▪ My book “Basic Hacking And Security” (Thai)
▪ Gray hat, sometimes.
▪ CITEC
  ▫ Writer of Linux Security in Hackazine.
  ▫ Lecturer of the Ethical Hacking and Master of Exploitation courses.
  ▫ One of the CITEC Live Team.
  ▫ Security and Linux consultant in the community.
![Page 3: Hacking with paper](https://reader034.vdocument.in/reader034/viewer/2022042821/55d28da0bb61ebb6698b4585/html5/thumbnails/3.jpg)
MY JOB
i-Secure
▪ Web Application Security Specialist
  ▫ Security Research
  ▫ Web Attacking Analysis
  ▫ Web Application Firewall Engineer
  ▫ Etc.
![Page 4: Hacking with paper](https://reader034.vdocument.in/reader034/viewer/2022042821/55d28da0bb61ebb6698b4585/html5/thumbnails/4.jpg)
WHAT IS PAPER HACKING?
▪ Not new.
▪ Not hard.
▪ New target.
▪ New way?
![Page 5: Hacking with paper](https://reader034.vdocument.in/reader034/viewer/2022042821/55d28da0bb61ebb6698b4585/html5/thumbnails/5.jpg)
QR-CODE
▪ 2-dimensional barcode
▪ Japan
▪ QR = Quick Response
▪ Messages, contacts, pictures: anything that can be represented as “characters”, even a “URL”
▪ Maximum data: 7089 numeric characters or 4296 alphanumeric characters = 2KB
▪ Easy to read with Android and iOS mobiles and tablets.
![Page 6: Hacking with paper](https://reader034.vdocument.in/reader034/viewer/2022042821/55d28da0bb61ebb6698b4585/html5/thumbnails/6.jpg)
QR-CODE(2)
▪ QR-Code in Korea
▪ Every train station
▪ Scan to buy
▪ Pay by mobile
![Page 7: Hacking with paper](https://reader034.vdocument.in/reader034/viewer/2022042821/55d28da0bb61ebb6698b4585/html5/thumbnails/7.jpg)
QR-CODE(3)
▪ QR-Code in Thailand
▪ Magazine can talk!!!
▪ http://www.youtube.com/v=X62xhsDqdBQ
![Page 8: Hacking with paper](https://reader034.vdocument.in/reader034/viewer/2022042821/55d28da0bb61ebb6698b4585/html5/thumbnails/8.jpg)
TREND OF MOBILE
▪ Speed
▪ Popular
▪ Price
▪ Protection
▪ Awareness
![Page 9: Hacking with paper](https://reader034.vdocument.in/reader034/viewer/2022042821/55d28da0bb61ebb6698b4585/html5/thumbnails/9.jpg)
WHAT IS PAPER HACKING?
▪ QR-Code
▪ Mobile
▪ Social Engineering
![Page 10: Hacking with paper](https://reader034.vdocument.in/reader034/viewer/2022042821/55d28da0bb61ebb6698b4585/html5/thumbnails/10.jpg)
STEP OF ATTACK
1. Create the evil site(s).
2. Mapping the site into the real world.
3. Create the QR-Code.
4. Lure the people.
5. Happy Time ☺
![Page 11: Hacking with paper](https://reader034.vdocument.in/reader034/viewer/2022042821/55d28da0bb61ebb6698b4585/html5/thumbnails/11.jpg)
1) CREATE EVIL SITE.
▪ Android
  ▫ Android Content Provider File Disclosure With Metasploit
  ▫ Android 2.0, 2.1, 2.1.1 WebKit Use-After-Free Exploit By MJ Keith
▪ iPhone
  ▫ iPhone MobileSafari LibTIFF Buffer Overflow
▪ Phishing
  ▫ Gmail
  ▫ Apple Store
![Page 12: Hacking with paper](https://reader034.vdocument.in/reader034/viewer/2022042821/55d28da0bb61ebb6698b4585/html5/thumbnails/12.jpg)
1) CREATE EVIL SITE(2)
▪ Create a script that detects the device type from $_SERVER['HTTP_USER_AGENT']
  ▫ Redirect it to the matching page.
![Page 13: Hacking with paper](https://reader034.vdocument.in/reader034/viewer/2022042821/55d28da0bb61ebb6698b4585/html5/thumbnails/13.jpg)
1) CREATE EVIL SITE(3)
![Page 14: Hacking with paper](https://reader034.vdocument.in/reader034/viewer/2022042821/55d28da0bb61ebb6698b4585/html5/thumbnails/14.jpg)
1) CREATE EVIL SITE(4)
iPhone → Evilsite:8081
Android → Evilsite:8080
Others → Evilsite/phishing2
![Page 15: Hacking with paper](https://reader034.vdocument.in/reader034/viewer/2022042821/55d28da0bb61ebb6698b4585/html5/thumbnails/15.jpg)
2) MAPPING TO THE PUBLIC
▪ Forward connections.
▪ DynDNS
▪ NoIP
![Page 16: Hacking with paper](https://reader034.vdocument.in/reader034/viewer/2022042821/55d28da0bb61ebb6698b4585/html5/thumbnails/16.jpg)
2) MAPPING TO THE PUBLIC
![Page 17: Hacking with paper](https://reader034.vdocument.in/reader034/viewer/2022042821/55d28da0bb61ebb6698b4585/html5/thumbnails/17.jpg)
3) CREATE QR-CODE
▪ Web
  ▫ http://qrcode.kaywa.com/
  ▫ http://goqr.me/
▪ Android
  ▫ QR Droid
  ▫ QR Code Generator
▪ iPhone
  ▫ Optiscan
  ▫ Qrafter
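Seen from the defender's side, the ingredients in these slides (a dynamic-DNS hostname, services on ports such as 8080/8081, a URL that the user never reads because it sits inside a QR code) can be checked on the decoded payload before a scanner app opens it. The following is an added example, not part of the original slides; the function name, warning tags, suffix list and sample URLs are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumed sample of dynamic-DNS parent domains; a deployment would use a maintained list.
DYNAMIC_DNS_SUFFIXES = ("dyndns.org", "no-ip.org", "ddns.net")
DEFAULT_PORTS = {"http": 80, "https": 443}


def assess_qr_payload(payload: str) -> list[str]:
    """Return warning tags for text decoded from a QR code (empty list = nothing flagged)."""
    try:
        parts = urlsplit(payload.strip())
    except ValueError:
        return ["unparseable-url"]
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS:
        # Contacts, plain text, tel: and similar payloads are outside this URL check.
        return [f"non-web-scheme:{scheme}"] if scheme else []
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return ["no-host"]
    warnings = []
    if scheme == "http":
        warnings.append("cleartext-http")
    if parts.username is not None:
        # "https://trusted.example@other.host/" displays one name but connects to another.
        warnings.append("userinfo-in-url")
    try:
        port = parts.port
    except ValueError:
        return warnings + ["invalid-port"]
    if port is not None and port != DEFAULT_PORTS[scheme]:
        warnings.append(f"non-default-port:{port}")
    try:
        ipaddress.ip_address(host)
        warnings.append("ip-literal-host")
    except ValueError:
        pass  # a DNS name, not an IP literal
    if any(host == s or host.endswith("." + s) for s in DYNAMIC_DNS_SUFFIXES):
        warnings.append("dynamic-dns-host")
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode-host")
    return warnings


# Constructed sample payloads (not taken from the slides).
SAMPLES = ["http://shop.example.dyndns.org:8080/promo", "https://www.example.com/menu"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", assess_qr_payload(sample) or "no warnings")
```

A scanner app or a mail/web gateway that decodes QR images can show these tags together with the full URL and require confirmation before opening the link.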
![Page 18: Hacking with paper](https://reader034.vdocument.in/reader034/viewer/2022042821/55d28da0bb61ebb6698b4585/html5/thumbnails/18.jpg)
3) CREATE QR-CODE(2)
![Page 19: Hacking with paper](https://reader034.vdocument.in/reader034/viewer/2022042821/55d28da0bb61ebb6698b4585/html5/thumbnails/19.jpg)
4) LURE THE PEOPLE
▪ Social Engineering
  ▫ Event
  ▫ Interesting word.
  ▫ Negative word.
  ▫ Social network.
![Page 20: Hacking with paper](https://reader034.vdocument.in/reader034/viewer/2022042821/55d28da0bb61ebb6698b4585/html5/thumbnails/20.jpg)
![Page 21: Hacking with paper](https://reader034.vdocument.in/reader034/viewer/2022042821/55d28da0bb61ebb6698b4585/html5/thumbnails/21.jpg)
5) HAPPY TIME ☺
Detect Device
Android → Evilsite:8080
iPhone → Evilsite:8081
Others → Phishing2
Phishing
![Page 22: Hacking with paper](https://reader034.vdocument.in/reader034/viewer/2022042821/55d28da0bb61ebb6698b4585/html5/thumbnails/22.jpg)
5) HAPPY TIME ☺(1)
![Page 23: Hacking with paper](https://reader034.vdocument.in/reader034/viewer/2022042821/55d28da0bb61ebb6698b4585/html5/thumbnails/23.jpg)
5) HAPPY TIME ☺(2)
![Page 24: Hacking with paper](https://reader034.vdocument.in/reader034/viewer/2022042821/55d28da0bb61ebb6698b4585/html5/thumbnails/24.jpg)
5) HAPPY TIME ☺(3)
![Page 25: Hacking with paper](https://reader034.vdocument.in/reader034/viewer/2022042821/55d28da0bb61ebb6698b4585/html5/thumbnails/25.jpg)
5) HAPPY TIME ☺(4)
![Page 26: Hacking with paper](https://reader034.vdocument.in/reader034/viewer/2022042821/55d28da0bb61ebb6698b4585/html5/thumbnails/26.jpg)
Q&A